Storage Management Strategies for the CIO
This article can also be found in the Premium Editorial Download "Storage magazine: Salary survey reveals storage skills are in demand."
Download it now to read this article plus other related content.
Leverages tape compression. Tape compression can provide a 300% improvement in throughput, reduce media costs and decrease the number of physical tapes. To take advantage of the operational benefits of compression and the security advantages of encryption, tapes must be compressed before being encrypted. To achieve operational and security goals, ETE can distribute encryption services where cryptographic processing can reside behind tape compression.
Like other distributed services architectures, ETE changes the way tape encryption is performed. ETE services are available for disparate systems, apps and devices as needed. Users can achieve operations and security benefits from centralized encryption management, while realizing performance advantages from distributed cryptographic processing.
The ETE architecture will consist of three independent service layers that communicate and cooperate to manage and execute encryption operations. They include:
Encryption service requesters. Various systems and apps that need to encrypt data can call the encryption services layer and relay which data needs to be scrambled.
Encryption services layer. The ETE services layer is the workhorse of the architecture and masks the complexity of enterprise tape encryption from applications and devices.
Cryptographic processing layer. Actual encryption operations can live anywhere in the infrastructure. When a cryptographic processor receives
Requires Free Membership to View
a request to encrypt data, it calls the key management server and asks it to generate an encryption key. Once it receives the encryption key, it performs the requested cryptographic operations.
Given the services-based architecture of ETE and the distributed nature of systems and devices in a typical enterprise, the goal of ETE is to provide flexibility for any-to-any tape-encryption requirements. For example, a backup system could ask for encryption services from any available drive in a tape farm comprising multiple libraries. Likewise, an archiving system could encrypt large files to a set of remote tape drives in a secure location. And as new servers, backup apps and tape drives are added across the enterprise, they can join the ETE process because it's controlled by the ETE services layer rather than hardwired into specific systems.
The bottom line
Smart companies understand that tape encryption is necessary today and will only become more critical in the future. But companies need to take a more strategic approach by building a services-based architecture that can meet current needs and scale to accommodate future needs.
This was first published in November 2006
Join the conversationComment
Share
Comments
Results
Contribute to the conversation